Blake,
That is not a bad thought at all. Actually, if I am correct, the
WS-Security does supersede the [1]. Between a full-fledged wg and an
informed note, given the current forces, I would support turning the
WS-Security into a note.
cheers
| -----Original Message-----
| From: www-xkms-request@w3.org
| [mailto:www-xkms-request@w3.org] On Behalf Of Dournaee, Blake
| Sent: Tuesday, June 18, 2002 3:13 PM
| To: 'reagle@w3.org'
| Cc: www-xkms@w3.org
| Subject: RE: SOAP Confidentiality and Integrity: Next Step?
|
|
|
| Joseph, All -
|
| Given that it looks like SOAP security will be rolled into
| ws-arch, what
| will become of [1]?
|
| Is [1] limited in some way? Why not make an equivalent
| SOAP-enc note to
| compliment this? Just out of curiosity...
|
| [1] http://www.w3.org/TR/SOAP-dsig/
|
| Blake Dournaee
| Toolkit Applications Engineer
| RSA Security
|
| "The only thing I know is that I know nothing" - Socrates
|
|
|
|
| -----Original Message-----
| From: Joseph Reagle [mailto:reagle@w3.org]
| Sent: Tuesday, June 18, 2002 10:24 AM
| To: www-ws-arch@w3.org
| Cc: xml-encryption@w3.org; 3.org@w3.org; www-xkms@w3.org
| Subject: SOAP Confidentiality and Integrity: Next Step?
|
|
|
|
| This email is a final step in a thread in how to start work
| on providing
| confidentiality and integrity for SOAP messages. I've
| discused a range of
| security issues [1] with a conclusion that this topic
| (soap+xmldsig+xenc)
| is most pressing; however, I was not able to find agreement
| that this issue
| should be shoe-horned into an existing WG, instead it should
| be part of the
| Web Services security. [2]
|
| Though I'm relatively ignorant of the ws-arch discussions,
| I've heard the
| ws-arch WG is considering this issue and will try to have charters
| available for work in July [3], but that the immediate issue
| might also be
| delayed be consideration of the bigger issues. Consequently,
| I'd recommend
| that a charter for work in the WS Activity be specified with
| a scope no
| larger than [4] -- and potentially more narrow (e.g.,
| without tokens). A
| "web services security" community does not yet exist (or it
| does, but it's
| fragmented) and starting work on this immediately not only
| commences with
| the work, but helps build a community which then can
| contribute to the
| larger discussion. For instance, because standardized
| security components
| do not yet exist, specifications such as XKMS [5] may end up
| specifying
| "one-off" versions in the short term. However, these could
| be contributed
| to the WS work. We all know somebody who knows somebody who
| is in the other
| WG, but sometimes that isn't quite enough. <smile/>
|
| In conclusion, I advocate a charter with specific and
| immediate terms, and
| an active recruitment of participants. Please let me know if
| and how events
| are likely to be otherwise. Thanks!
|
|
| [1]
| http://lists.w3.org/Archives/Member/w3c-ac-|
forum/2002AprJun/0022.html
| [2]
| http://lists.w3.org/Archives/Public/www-xenc-xmlp-tf/2002Jun/
0002.html
[3] http://www.w3.org/2002/05/28-ws-cg-irc.txt
[4]
http://www-106.ibm.com/developerworks/security/library/ws-secure/?dwzone
=sec
urity
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobs
pec/
html/ws-security.asp
[5] http://lists.w3.org/Archives/Public/www-xkms/2002Jun/0016.html
--
Joseph Reagle Jr. http://www.w3.org/People/Reagle/
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/
W3C XML Encryption Chair http://www.w3.org/Encryption/2001/